Re: RP-filtering - what am i missing?

From: Chee Chew Leong (cleong3@csc.com)
Date: Mon Apr 23 2007 - 06:53:07 ART


Great. But should acl 3 be
access-list 3 deny host 172.16.103.1
access-list 3 permit any

This will only accept RP 172.16.103.1 with group 231.1.1.1 and reject
everything else.

ivan <ivan@iip.net>
Sent by: nobody@groupstudy.com
04/22/2007 10:56 PM
Please respond to: ivan <ivan@iip.net>
To: ccielab@groupstudy.com, "Riapolov, Bradley" <BRiapolo@wm.com>
cc: "Narbik Kocharians" <narbikk@gmail.com>
Subject: Re: RP-filtering - what am i missing?

RP filtering is an extraordinary thing (IMO). If you want to filter all groups
from all fake RPs except CRP 172.16.103.1 and group 231.1.1.1, the filter must
look like:
 ip pim send-rp-discovery Loopback104 scope 16
 ip pim rp-announce-filter rp-list 1 group-list 2
 ip pim rp-announce-filter rp-list 3 group-list 4
 R4(config)#do sri access
 access-list 1 permit 172.16.103.1
 access-list 2 permit 231.1.1.1
 access-list 3 permit any
 access-list 4 deny any

The MA listens to updates from CRP 172.16.103.1 and permits it to advertise
information about the 231.1.1.1 group. The MA also listens to advertisements
from any CRP (ACL 3) but denies advertising any information (ACL 4) from this CRP.

On Saturday 21 April 2007 22:00, Riapolov, Bradley wrote:
> Interesting observation. Thank you. I finally got this to work with a lot
> simpler config - thanks everybody. All you have to do is just filter the
> traffic you do not want.
>
> R4(config)#do sri pim
> ip pim send-rp-discovery Loopback104 scope 16
> ip pim rp-announce-filter rp-list 1 group-list 2
> R4(config)#do sri access
> access-list 1 permit 172.16.103.1
> access-list 2 permit 231.1.1.1
> R4(config)#do sh ip pi rp
> Group: 231.1.1.1, RP: 172.16.101.1, v2, v1, uptime 00:02:50, expires 00:02:05
>
>
>
> -----Original Message-----
> From: Narbik Kocharians [mailto:narbikk@gmail.com]
> Sent: Saturday, April 21, 2007 11:59 AM
> To: Riapolov, Bradley
> Cc: ccielab@groupstudy.com
> Subject: Re: RP-filtering - what am i missing?
>
>
> This is what I found when I tried filtering. If the RP was claiming to be
> the RP for only two Mcast groups, the downstream router (the mapping agent)
> was able to filter one of the groups. But if the RP was the RP for all
> groups I could not filter one of the group addresses successfully.
>
> On 4/21/07, Riapolov, Bradley <BRiapolo@wm.com> wrote:
>
> Two RPs (172.16.101.1, 172.16.103.1), R4 is mapping and has elected the
> highest IP as the acting RP. Now, I would like to test RP-FILTERING with
> the intent to make 172.16.101.1 the RP - it does not work, why - am I
> missing how this is supposed to work? When I run debug ip pim auto-rp,
> filtering does not happen!
> R4#sri pim
> ip pim send-rp-discovery Loopback104 scope 16
> ip pim rp-announce-filter rp-list 1 group-list 2
> ip pim rp-announce-filter rp-list 3 group-list 4
> R4#sri access-list
> access-list 1 permit 172.16.101.1
> access-list 2 permit 224.0.0.0 15.255.255.255
> access-list 3 deny any
> access-list 4 deny any
>
> R4(other routers show the same info) #sh ip pim rp
> Group: 231.1.1.1, RP: 172.16.103.1, v2, v1, uptime 00:11:55, expires 00:02:0
>
> Thank you,
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> --
> Narbik Kocharians
> CCIE# 12410 (R&S, SP, Security)
> CCSI# 30832
> Network Learning, Inc. (CCIE class Instructor)
> www.ccbootcamp.com <http://www.ccbootcamp.com> (CCIE Training)
>

-- 
NOC umos.ru
Ivan Kuchin (495) 137-31-04


This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:37 ART